You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@flink.apache.org by "Chesnay Schepler (Jira)" <ji...@apache.org> on 2020/08/25 21:32:00 UTC
[jira] [Comment Edited] (FLINK-18192) Upgrade to Avro version 1.9.2
from 1.8.2
[ https://issues.apache.org/jira/browse/FLINK-18192?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17183877#comment-17183877 ]
Chesnay Schepler edited comment on FLINK-18192 at 8/25/20, 9:31 PM:
--------------------------------------------------------------------
[~twalthr] Could you find someone to gauge how difficult this would be?
I'm interested in this because of CVE-2019-10172 transitively affecting Avro 1.8.X. I know that we expect users to provide whatever version they wish (and in fact if they can just use 1.9 it may not be a problem), but we should think about how/when to upgrade avro.
was (Author: zentol):
[~twalthr] Could you find someone to gauge how difficult this would be?
> Upgrade to Avro version 1.9.2 from 1.8.2
> ----------------------------------------
>
> Key: FLINK-18192
> URL: https://issues.apache.org/jira/browse/FLINK-18192
> Project: Flink
> Issue Type: Improvement
> Components: Build System, Formats (JSON, Avro, Parquet, ORC, SequenceFile)
> Reporter: Lucas Heimberg
> Priority: Major
> Fix For: 1.12.0
>
>
> As of version 1.11, Flink (i.e., flink-avro) still uses Avro in version 1.8.2.
> Avro 1.9.2 contains many bugfixes, in particular in respect to the support for logical types. A further advantage would be that an upgrade to Avro 1.9.2 would also allow to use the Confluent Schema Registry client and Avro deserializer in version 5.5.0, which finally support schema references.
> Therefore it would be great if Flink could make use of Avro 1.9.2 or higher in future releases.
>
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)